From 79cfce2d1d53059f2d307b4ffefedd068b05a1b6 Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Wed, 1 Oct 2025 14:17:39 +0100
Subject: [PATCH 1/3] wolfPKCS 2.0 support `wolfPKCS11_Store_Remove` was added in wolfPKCS11 2.0, support for it is needed.
---
 src/pkcs11_store.c | 13 +++++++++++++
 tools/unit-tests/unit-pkcs11_store.c | 13 +++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/src/pkcs11_store.c b/src/pkcs11_store.c
index 6c52c41546..e46badd488 100644
--- a/src/pkcs11_store.c
+++ b/src/pkcs11_store.c
@@ -530,4 +530,17 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len)
 return len;
 }
 
+int wolfPKCS11_Store_Remove(int type, CK_ULONG id1, CK_ULONG id2)
+{
+ uint8_t* buf;
+
+ check_vault();
+ buf = find_object_buffer((int32_t)type, (uint32_t)id1, (uint32_t)id2);
+ if (buf == NULL)
+ return NOT_AVAILABLE_E;
+
+ delete_object((int32_t)type, (uint32_t)id1, (uint32_t)id2);
+ return 0;
+}
+
 #endif /* SECURE_PKCS11 */
diff --git a/tools/unit-tests/unit-pkcs11_store.c b/tools/unit-tests/unit-pkcs11_store.c
index 0dd0668673..ffa244f00d 100644
--- a/tools/unit-tests/unit-pkcs11_store.c
+++ b/tools/unit-tests/unit-pkcs11_store.c
@@ -55,6 +55,7 @@
 
 #include "user_settings.h"
 #include "wolfssl/wolfcrypt/sha.h"
+#include "wolfssl/wolfcrypt/error-crypt.h"
 #include "wolfboot/wolfboot.h"
 #include "wolfpkcs11/pkcs11.h"
 #include "hal.h"
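Review bot: In `wolfPKCS11_Store_Remove` (src/pkcs11_store.c), `id1` and `id2` are narrowed from `CK_ULONG` to `uint32_t` in both the `find_object_buffer` and the `delete_object` call with no range check, so on a build where `CK_ULONG` is wider than 32 bits two ids that differ only in their upper bits would select the same vault entry and the call could delete an object the caller did not name. A guard ahead of the lookup, e.g. `if (id1 > UINT32_MAX || id2 > UINT32_MAX) return NOT_AVAILABLE_E;`, would close that (it is a no-op where `CK_ULONG` is 32 bits). The function also returns 0 without looking at any result from `delete_object`, and nothing in the hunk shows whether that helper erases the stored bytes or only unlinks the entry. Since these objects can hold key material, a short comment above the function stating the return values and what happens to the payload would help, starting from `/* Returns 0 on success, NOT_AVAILABLE_E if no matching object exists. */`.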
@@ -264,6 +265,18 @@ START_TEST (test_store_and_load_objs) {
 ck_assert(ret == strlen(short_string) + 1);
 ck_assert(strcmp(short_string, secret_rd) == 0);
 wolfPKCS11_Store_Close(store);
+
+ /* Remove the object and confirm it is no longer addressable */
+ ret = wolfPKCS11_Store_Remove(type, id_tok, id_obj);
+ ck_assert_msg(ret == 0, "Failed to delete vault: %d", ret);
+
+ readonly = 1;
+ ret = wolfPKCS11_Store_Open(type, id_tok, id_obj, readonly, &store);
+ ck_assert_int_eq(ret, NOT_AVAILABLE_E);
+
+ /* Second removal attempt should report the object is already gone */
+ ret = wolfPKCS11_Store_Remove(type, id_tok, id_obj);
+ ck_assert_int_eq(ret, NOT_AVAILABLE_E);
 }
 END_TEST
 

From 4d6671c4456419cb16d18a549776e39a6292158c Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Wed, 1 Oct 2025 14:37:02 +0100
Subject: [PATCH 2/3] Update wolfPKCS11 to 2.0.0
---
 lib/wolfPKCS11 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
index ddeb8877d0..6b76537e4c 160000
--- a/lib/wolfPKCS11
+++ b/lib/wolfPKCS11
@@ -1 +1 @@
-Subproject commit ddeb8877d088796edc187e254068755628349d8e
+Subproject commit 6b76537e4cc5bea0358b7059fda26d1872584be4
From 2276a6300606a5e4523a9e05632cb7e2775f594e Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Thu, 2 Oct 2025 06:14:32 +0100
Subject: [PATCH 3/3] Update wolfPKCS11 to master Includes a SHA512 fix required for wolfBoot
---
 lib/wolfPKCS11 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
index 6b76537e4c..d8d3e2d2b6 160000
--- a/lib/wolfPKCS11
+++ b/lib/wolfPKCS11
@@ -1 +1 @@
-Subproject commit 6b76537e4cc5bea0358b7059fda26d1872584be4
+Subproject commit d8d3e2d2b6e9e13309f826b87c8275a81a17ea72
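Review bot: The assertions added to `test_store_and_load_objs` (tools/unit-tests/unit-pkcs11_store.c) establish only that the removed object can no longer be opened read-only; they do not check that the secret written earlier is unreachable if an object is created again under the same `type`/`id_tok`/`id_obj`. Consider following the second removal with an open where `readonly = 0` and a read that asserts the result does not match `short_string`, assuming the store creates a fresh entry on a writable open. The failure text `"Failed to delete vault: %d"` is also misleading, since one object is removed rather than the vault; `"Failed to remove object: %d"` would match what is tested. The test function begins before this hunk, so its earlier setup is not visible here.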